Tryton is a three-tier, high-level, general-purpose application framework written in Python that uses PostgreSQL as its database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton (also called the Tryton kernel) provides all the necessary functionality for a complete application framework: data persistence (i.e. an ORM with extensive modularity), user management (authentication, fine-grained control of data access, handling of concurrent access to resources), workflow and report engines, web services and internationalisation. It thus constitutes a complete application platform which can be used for any relevant purpose.
{"id": "FEDORA:6A28720B6E", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 16 Update: trytond-2.0.4-1.fc16", "description": "Tryton is a three-tiers high-level general purpose application framework written in Python and use PostgreSQL as database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton (also called Tryton kernel) provides all the necessary functionalities for a complete application framework: data persistence (i.e an ORM with extensive modularity), users management (authentication, fine grained control for data access, handling of concurrent access of resources ), workflow and report engines, web services and internationalisation. Thus constituting a complete application platform which can be used for any relevant purpose. ", "published": "2012-04-08T03:29:12", "modified": "2012-04-08T03:29:12", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HET2O3KCOYKRE5BP2JPNQKRCIKL6Q5OY/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2012-0215"], "immutableFields": [], "lastseen": "2020-12-21T08:17:50", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0215"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2444-1:41A00"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-0215"]}, {"type": 
"fedora", "idList": ["FEDORA:39C4D24EB9", "FEDORA:DD8B8210F7"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2444.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231071246", "OPENVAS:1361412562310864145", "OPENVAS:1361412562310864148", "OPENVAS:1361412562310864342", "OPENVAS:71246", "OPENVAS:864145", "OPENVAS:864148", "OPENVAS:864342"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27903", "SECURITYVULNS:VULN:12316"]}, {"type": "seebug", "idList": ["SSV:60020"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0215"]}]}, "score": {"value": 5.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-0215"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2444-1:41A00"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-0215"]}, {"type": "fedora", "idList": ["FEDORA:39C4D24EB9"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2444.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310864342"]}, {"type": "seebug", "idList": ["SSV:60020"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0215"]}]}, "exploitation": null, "vulnersScore": 5.3}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "16", "arch": "any", "packageName": "trytond", "packageVersion": "2.0.4", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"debian": [{"lastseen": "2021-10-21T23:59:52", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2444-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 29, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tryton-server\nVulnerability : privilege escalation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0215\n\nIt was discovered that the Tryton application framework for Python\nallows authenticated users to escalate their privileges by editing the\nMany2Many field.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.1-2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.2.2-1.\n\nWe recommend that you upgrade your tryton-server packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-03-29T06:06:23", "type": "debian", "title": "[SECURITY] [DSA 2444-1] tryton-server security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0215"], "modified": "2012-03-29T06:06:23", "id": "DEBIAN:DSA-2444-1:41A00", "href": "https://lists.debian.org/debian-security-announce/2012/msg00072.html", "cvss": {"score": 5.5, 
"vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-06T13:07:56", "description": "Check for the Version of trytond", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for trytond FEDORA-2012-4923", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:864342", "href": "http://plugins.openvas.org/nasl.php?oid=864342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond FEDORA-2012-4923\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tryton is a three-tiers high-level general purpose application framework\n written in Python and use PostgreSQL as database engine. It is the core base\n of an Open Source ERP. 
It provides modularity, scalability and security.\n\n The core of Tryton (also called Tryton kernel) provides all the necessary\n functionalities for a complete application framework: data persistence (i.e\n an ORM with extensive modularity), users management (authentication, fine\n grained control for data access, handling of concurrent access of resources),\n workflow and report engines, web services and internationalisation. Thus\n constituting a complete application platform which can be used for any\n relevant purpose.\";\n\ntag_affected = \"trytond on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078022.html\");\n script_id(864342);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:08 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0215\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4923\");\n script_name(\"Fedora Update for trytond FEDORA-2012-4923\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of trytond\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond\", rpm:\"trytond~2.2.2~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for trytond FEDORA-2012-4923", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond FEDORA-2012-4923\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078022.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864342\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:08 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0215\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4923\");\n script_name(\"Fedora Update for trytond FEDORA-2012-4923\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"trytond on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"trytond\", rpm:\"trytond~2.2.2~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:34", "description": "Check for the Version of trytond", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for trytond FEDORA-2012-4988", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:864148", "href": "http://plugins.openvas.org/nasl.php?oid=864148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond FEDORA-2012-4988\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tryton is a three-tiers high-level general purpose application framework\n written in Python and use PostgreSQL as database engine. It is the core base\n of an Open Source ERP. 
It provides modularity, scalability and security.\n\n The core of Tryton (also called Tryton kernel) provides all the necessary\n functionalities for a complete application framework: data persistence (i.e\n an ORM with extensive modularity), users management (authentication, fine\n grained control for data access, handling of concurrent access of resources),\n workflow and report engines, web services and internationalisation. Thus\n constituting a complete application platform which can be used for any\n relevant purpose.\";\n\ntag_affected = \"trytond on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077034.html\");\n script_id(864148);\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:51:14 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-0215\");\n script_xref(name: \"FEDORA\", value: \"2012-4988\");\n script_name(\"Fedora Update for trytond FEDORA-2012-4988\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of trytond\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond\", rpm:\"trytond~1.8.6~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:07:17", "description": "Check for the Version of trytond", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for trytond FEDORA-2012-4963", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864145", "href": "http://plugins.openvas.org/nasl.php?oid=864145", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond FEDORA-2012-4963\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tryton is a three-tiers high-level general purpose application framework\n written in Python and use PostgreSQL as database engine. It is the core base\n of an Open Source ERP. It provides modularity, scalability and security.\n\n The core of Tryton (also called Tryton kernel) provides all the necessary\n functionalities for a complete application framework: data persistence (i.e\n an ORM with extensive modularity), users management (authentication, fine\n grained control for data access, handling of concurrent access of resources),\n workflow and report engines, web services and internationalisation. 
Thus\n constituting a complete application platform which can be used for any\n relevant purpose.\";\n\ntag_affected = \"trytond on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077012.html\");\n script_id(864145);\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:48:20 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-0215\");\n script_xref(name: \"FEDORA\", value: \"2012-4963\");\n script_name(\"Fedora Update for trytond FEDORA-2012-4963\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of trytond\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"trytond\", rpm:\"trytond~2.0.4~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.5, "vector": 
"AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for trytond FEDORA-2012-4988", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond FEDORA-2012-4988\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864148\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:51:14 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-0215\");\n script_xref(name:\"FEDORA\", value:\"2012-4988\");\n script_name(\"Fedora Update for trytond FEDORA-2012-4988\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"trytond on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"trytond\", rpm:\"trytond~1.8.6~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for trytond FEDORA-2012-4963", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864145", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for trytond FEDORA-2012-4963\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864145\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:48:20 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-0215\");\n script_xref(name:\"FEDORA\", value:\"2012-4963\");\n script_name(\"Fedora Update for trytond FEDORA-2012-4963\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'trytond'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"trytond on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"trytond\", rpm:\"trytond~2.0.4~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:11", "description": "The remote host is missing an update to tryton-server\nannounced via advisory DSA 2444-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2444-1 (tryton-server)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071246", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071246", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2444_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2444-1 (tryton-server)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71246\");\n script_cve_id(\"CVE-2012-0215\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:20 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2444-1 (tryton-server)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202444-1\");\n script_tag(name:\"insight\", value:\"It was discovered that the Tryton application framework for Python\nallows authenticated users to escalate their privileges by editing the\nMany2Many field.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.1-2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.2.2-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tryton-server packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tryton-server\nannounced via advisory DSA 2444-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tryton-server\", ver:\"1.6.1-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "description": "The remote host is missing an update to tryton-server\nannounced via advisory DSA 2444-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2444-1 (tryton-server)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71246", "href": "http://plugins.openvas.org/nasl.php?oid=71246", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2444_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2444-1 (tryton-server)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Tryton application framework for Python\nallows authenticated users to escalate their privileges by editing the\nMany2Many field.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.1-2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.2.2-1.\n\nWe recommend that you upgrade your tryton-server packages.\";\ntag_summary = \"The remote host is missing an update to tryton-server\nannounced via advisory DSA 2444-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202444-1\";\n\nif(description)\n{\n script_id(71246);\n script_cve_id(\"CVE-2012-0215\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:20 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2444-1 (tryton-server)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tryton-server\", ver:\"1.6.1-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2022-03-27T14:41:59", "description": "update for CVE-2012-0215\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-09T00:00:00", "type": "nessus", "title": "Fedora 15 : trytond-1.8.6-1.fc15 (2012-4988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:trytond", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-4988.NASL", "href": "https://www.tenable.com/plugins/nessus/58630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4988.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58630);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(52804);\n script_xref(name:\"FEDORA\", value:\"2012-4988\");\n\n script_name(english:\"Fedora 15 : trytond-1.8.6-1.fc15 (2012-4988)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update for CVE-2012-0215\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077034.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2204ccc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected trytond package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"trytond-1.8.6-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"trytond\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:41:53", "description": "update for CVE-2012-0215\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-09T00:00:00", "type": "nessus", "title": "Fedora 16 : trytond-2.0.4-1.fc16 (2012-4963)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:trytond", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-4963.NASL", "href": "https://www.tenable.com/plugins/nessus/58629", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4963.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58629);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(52804);\n script_xref(name:\"FEDORA\", value:\"2012-4963\");\n\n script_name(english:\"Fedora 16 : trytond-2.0.4-1.fc16 (2012-4963)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update for CVE-2012-0215\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077012.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c81d5720\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected trytond package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"trytond-2.0.4-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"trytond\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:45", "description": "It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.", "cvss3": {"score": null, "vector": null}, "published": "2012-03-30T00:00:00", "type": "nessus", "title": "Debian DSA-2444-1 : tryton-server - privilege escalation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2012-0215"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tryton-server", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2444.NASL", "href": "https://www.tenable.com/plugins/nessus/58530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2444. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58530);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0215\");\n script_xref(name:\"DSA\", value:\"2444\");\n\n script_name(english:\"Debian DSA-2444-1 : tryton-server - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Tryton application framework for Python\nallows authenticated users to escalate their privileges by editing the\nMany2Many field.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tryton-server\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2444\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tryton-server packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.1-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:tryton-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"tryton-server\", reference:\"1.6.1-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-03-27T14:41:52", "description": "update for CVE-2012-0215\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Fedora 17 : trytond-2.2.2-1.fc17 (2012-4923)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:trytond", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-4923.NASL", "href": "https://www.tenable.com/plugins/nessus/58707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4923.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58707);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(52804);\n script_xref(name:\"FEDORA\", value:\"2012-4923\");\n\n script_name(english:\"Fedora 17 : trytond-2.2.2-1.fc17 (2012-4923)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update for CVE-2012-0215\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078022.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9150cf4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected trytond package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:trytond\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"trytond-2.2.2-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"trytond\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Tryton is a three-tiers high-level general purpose application framework written in Python and use PostgreSQL as database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. 
The core of Tryton (also called the Tryton kernel) provides all the necessary functionalities for a complete application framework: data persistence (i.e. an ORM with extensive modularity), user management (authentication, fine-grained control for data access, handling of concurrent access to resources), workflow and report engines, web services and internationalisation. It thus constitutes a complete application platform which can be used for any relevant purpose. ", "cvss3": {}, "published": "2012-04-08T03:32:36", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: trytond-1.8.6-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0215"], "modified": "2012-04-08T03:32:36", "id": "FEDORA:DD8B8210F7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DGSCXSWAYHP2MYTLVOI4BA4PPMZSWWE5/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Tryton is a three-tier high-level general purpose application framework written in Python that uses PostgreSQL as its database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. 
The core of Tryton (also called the Tryton kernel) provides all the necessary functionalities for a complete application framework: data persistence (i.e. an ORM with extensive modularity), user management (authentication, fine-grained control for data access, handling of concurrent access to resources), workflow and report engines, web services and internationalisation. It thus constitutes a complete application platform which can be used for any relevant purpose. ", "cvss3": {}, "published": "2012-04-12T03:33:05", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: trytond-2.2.2-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0215"], "modified": "2012-04-12T03:33:05", "id": "FEDORA:39C4D24EB9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QQYEWRLDTNFXCUJRDQE3E7RAEVRAIQRL/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:54:04", "description": "BUGTRAQ ID: 52804\r\nCVE ID: 
CVE-2012-0215\r\n\r\nPython\u662f\u4e00\u79cd\u9762\u5411\u5bf9\u8c61\u3001\u76f4\u8bd1\u5f0f\u8ba1\u7b97\u673a\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00\uff0c\u4e5f\u662f\u4e00\u79cd\u529f\u80fd\u5f3a\u5927\u7684\u901a\u7528\u578b\u8bed\u8a00\u3002\r\n\r\nPython\u5728trytond\u6a21\u5757\u9a8c\u8bc1\u8bbf\u95ee\u5173\u7cfb\u6a21\u578b\u4e2d\u7684\"Many2Many\"\u5b57\u6bb5\u7684\u6743\u9650\u65f6\uff0c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u88ab\u5229\u7528\u6dfb\u52a0\u7528\u6237\u5230\u5176\u4ed6\u7ec4\u5e76\u83b7\u53d6\u5176\u4ed6\u6743\u9650\u3002\n0\nDebian Linux 6.0 x\r\nPython trytond 2.2.1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPython\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nwww.python.org", "cvss3": {}, "published": "2012-03-30T00:00:00", "type": "seebug", "title": "Python 'trytond'\u6a21\u5757'Many2Many'\u5b57\u6bb5\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2012-03-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60020", "id": "SSV:60020", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T11:34:27", "description": "model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.", "cvss3": {}, "published": "2012-07-12T20:55:00", "type": "cve", "title": "CVE-2012-0215", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0215"], "modified": "2012-08-09T04:00:00", "cpe": ["cpe:/a:tryton:trytond:1.4.13", "cpe:/a:tryton:trytond:2.0.5", "cpe:/a:tryton:trytond:2.2.3", "cpe:/a:tryton:trytond:1.6.8", "cpe:/a:tryton:trytond:1.8.7"], "id": "CVE-2012-0215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0215", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tryton:trytond:1.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:trytond:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:trytond:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:trytond:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:trytond:2.2.3:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-06-10T06:01:54", "description": "model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.", "cvss3": {}, "published": "2012-07-12T20:55:00", "type": "debiancve", "title": "CVE-2012-0215", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, 
"impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0215"], "modified": "2012-07-12T20:55:00", "id": "DEBIANCVE:CVE-2012-0215", "href": "https://security-tracker.debian.org/tracker/CVE-2012-0215", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:50:29", "description": "model/modelstorage.py in the Tryton application framework (trytond) before\n2.4.0 for Python does not properly restrict access to the Many2Many field\nin the relation model, which allows remote authenticated users to modify\nthe privileges of arbitrary users via a (1) create, (2) write, (3) delete,\nor (4) copy rpc call.\n\n#### Bugs\n\n * <https://bugs.tryton.org/issue2476>\n", "cvss3": {}, "published": "2012-07-12T00:00:00", "type": "ubuntucve", "title": "CVE-2012-0215", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0215"], "modified": "2012-07-12T00:00:00", "id": "UB:CVE-2012-0215", "href": "https://ubuntu.com/security/CVE-2012-0215", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "osv": [{"lastseen": "2022-05-12T01:08:44", "description": "model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.", "cvss3": {}, "published": "2012-07-12T20:55:00", "type": "osv", "title": 
"PYSEC-2012-6", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0215"], "modified": "2021-07-05T00:01:27", "id": "OSV:PYSEC-2012-6", "href": "https://osv.dev/vulnerability/PYSEC-2012-6", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2444-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nMarch 29, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : tryton-server\r\nVulnerability : privilege escalation\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-0215\r\n\r\nIt was discovered that the Tryton application framework for Python\r\nallows authenticated users to escalate their privileges by editing the\r\nMany2Many field.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.6.1-2+squeeze1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.2.2-1.\r\n\r\nWe recommend that you upgrade your tryton-server packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: 
debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJPc/0AAAoJEL97/wQC1SS+F5kH/0NGInrbXAk/UuCJh2zAgqbI\r\npqa1ggZkjLrCP0JiAe/dsRPq/lhd17CoZkPuekxwvI9HppkSWKtwWKCbEKtpcAos\r\nVbJsZZ3TYqrZFJpBzQOFLXTd+Kou2XUFKPV741bfrKZP8CNCZQWZHx0yXmtorfGt\r\nw6/4896Z2lQIPFwCvvseIp3umjFykEAb3WgmD6ZDYzkl6gNXvTRBk4Cd+RLDwKC5\r\n6FFzDbAVI6VQWoO1sXU4qN2KkfqKDM7BQhWcuIXA0ZWn8WLWqNElvmBtagmi/yC4\r\nyOxwoU8jwsV1zBNZMWy2U6NfntKvqVOq0tiE5+e3hCVJYiE5MLi7A7n7mgQF0/g=\r\n=+fGV\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-04-09T00:00:00", "title": "[SECURITY] [DSA 2444-1] tryton-server security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-0215"], "modified": "2012-04-09T00:00:00", "id": "SECURITYVULNS:DOC:27903", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27903", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:47:30", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2012-04-09T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1089", "CVE-2012-1665", "CVE-2012-1670", "CVE-2012-1902", "CVE-2012-1469", "CVE-2012-1664", "CVE-2012-0215", "CVE-2012-1301", "CVE-2012-0047", "CVE-2012-1669", "CVE-2012-1673", "CVE-2012-1608", "CVE-2012-1607", "CVE-2012-1672", "CVE-2012-1671", "CVE-2012-1468", "CVE-2012-1606", "CVE-2012-1467", "CVE-2012-1190"], "modified": "2012-04-09T00:00:00", "id": "SECURITYVULNS:VULN:12316", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12316", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}